mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 12:52:49 +01:00
eap-aka: Memzero secrets after use
This commit is contained in:
parent
28840b29a8
commit
b1317d3984
@ -107,6 +107,16 @@ struct eap_aka_handle {
|
|||||||
unsigned int auth_watch;
|
unsigned int auth_watch;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static void eap_aka_clear_secrets(struct eap_aka_handle *aka)
|
||||||
|
{
|
||||||
|
explicit_bzero(aka->mk, sizeof(aka->mk));
|
||||||
|
explicit_bzero(aka->k_encr, sizeof(aka->k_encr));
|
||||||
|
explicit_bzero(aka->k_aut, sizeof(aka->k_aut));
|
||||||
|
explicit_bzero(aka->k_re, sizeof(aka->k_re));
|
||||||
|
explicit_bzero(aka->msk, sizeof(aka->msk));
|
||||||
|
explicit_bzero(aka->emsk, sizeof(aka->emsk));
|
||||||
|
}
|
||||||
|
|
||||||
static void eap_aka_free(struct eap_state *eap)
|
static void eap_aka_free(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
struct eap_aka_handle *aka = eap_get_data(eap);
|
struct eap_aka_handle *aka = eap_get_data(eap);
|
||||||
@ -114,6 +124,8 @@ static void eap_aka_free(struct eap_state *eap)
|
|||||||
if (aka->auth)
|
if (aka->auth)
|
||||||
sim_auth_unregistered_watch_remove(aka->auth, aka->auth_watch);
|
sim_auth_unregistered_watch_remove(aka->auth, aka->auth_watch);
|
||||||
|
|
||||||
|
eap_aka_clear_secrets(aka);
|
||||||
|
|
||||||
l_free(aka->identity);
|
l_free(aka->identity);
|
||||||
l_free(aka->kdf_in);
|
l_free(aka->kdf_in);
|
||||||
l_free(aka);
|
l_free(aka);
|
||||||
@ -160,12 +172,9 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||||||
struct eap_state *eap = data;
|
struct eap_state *eap = data;
|
||||||
struct eap_aka_handle *aka = eap_get_data(eap);
|
struct eap_aka_handle *aka = eap_get_data(eap);
|
||||||
|
|
||||||
uint8_t prng_buf[160];
|
|
||||||
size_t resp_len = aka->protected ? 44 : 40;
|
size_t resp_len = aka->protected ? 44 : 40;
|
||||||
uint8_t response[resp_len + 4];
|
uint8_t response[resp_len + 4];
|
||||||
uint8_t *pos = response;
|
uint8_t *pos = response;
|
||||||
uint8_t ik_p[EAP_AKA_IK_LEN];
|
|
||||||
uint8_t ck_p[EAP_AKA_CK_LEN];
|
|
||||||
|
|
||||||
if (auts) {
|
if (auts) {
|
||||||
/*
|
/*
|
||||||
@ -190,6 +199,10 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||||||
goto chal_error;
|
goto chal_error;
|
||||||
|
|
||||||
if (aka->type == EAP_TYPE_AKA_PRIME) {
|
if (aka->type == EAP_TYPE_AKA_PRIME) {
|
||||||
|
bool r;
|
||||||
|
uint8_t ik_p[EAP_AKA_IK_LEN];
|
||||||
|
uint8_t ck_p[EAP_AKA_CK_LEN];
|
||||||
|
|
||||||
if (!eap_aka_derive_primes(ck, ik, aka->autn,
|
if (!eap_aka_derive_primes(ck, ik, aka->autn,
|
||||||
(uint8_t *)aka->kdf_in, strlen(aka->kdf_in),
|
(uint8_t *)aka->kdf_in, strlen(aka->kdf_in),
|
||||||
ck_p, ik_p)) {
|
ck_p, ik_p)) {
|
||||||
@ -197,12 +210,19 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||||||
goto chal_fatal;
|
goto chal_fatal;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!eap_aka_prf_prime(ik_p, ck_p, aka->identity, aka->k_encr,
|
r = eap_aka_prf_prime(ik_p, ck_p, aka->identity, aka->k_encr,
|
||||||
aka->k_aut, aka->k_re, aka->msk, aka->emsk)) {
|
aka->k_aut, aka->k_re, aka->msk, aka->emsk);
|
||||||
|
explicit_bzero(ik_p, sizeof(ik_p));
|
||||||
|
explicit_bzero(ck_p, sizeof(ck_p));
|
||||||
|
|
||||||
|
if (!r) {
|
||||||
l_error("could not derive encryption keys");
|
l_error("could not derive encryption keys");
|
||||||
goto chal_fatal;
|
goto chal_fatal;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
uint8_t prng_buf[160];
|
||||||
|
bool r;
|
||||||
|
|
||||||
if (!derive_aka_mk(aka->identity, ik, ck, aka->mk)) {
|
if (!derive_aka_mk(aka->identity, ik, ck, aka->mk)) {
|
||||||
l_error("error deriving MK");
|
l_error("error deriving MK");
|
||||||
goto chal_fatal;
|
goto chal_fatal;
|
||||||
@ -210,8 +230,11 @@ static void check_milenage_cb(const uint8_t *res, const uint8_t *ck,
|
|||||||
|
|
||||||
eap_sim_fips_prf(aka->mk, 20, prng_buf, 160);
|
eap_sim_fips_prf(aka->mk, 20, prng_buf, 160);
|
||||||
|
|
||||||
if (!eap_sim_get_encryption_keys(prng_buf, aka->k_encr,
|
r = eap_sim_get_encryption_keys(prng_buf, aka->k_encr,
|
||||||
aka->k_aut, aka->msk, aka->emsk)) {
|
aka->k_aut, aka->msk, aka->emsk);
|
||||||
|
explicit_bzero(prng_buf, sizeof(prng_buf));
|
||||||
|
|
||||||
|
if (!r) {
|
||||||
l_error("could not derive encryption keys");
|
l_error("could not derive encryption keys");
|
||||||
goto chal_fatal;
|
goto chal_fatal;
|
||||||
}
|
}
|
||||||
@ -695,12 +718,7 @@ static bool eap_aka_reset_state(struct eap_state *eap)
|
|||||||
l_free(aka->chal_pkt);
|
l_free(aka->chal_pkt);
|
||||||
aka->chal_pkt = NULL;
|
aka->chal_pkt = NULL;
|
||||||
|
|
||||||
memset(aka->mk, 0, sizeof(aka->mk));
|
eap_aka_clear_secrets(aka);
|
||||||
memset(aka->k_encr, 0, sizeof(aka->k_encr));
|
|
||||||
memset(aka->k_aut, 0, sizeof(aka->k_aut));
|
|
||||||
memset(aka->msk, 0, sizeof(aka->msk));
|
|
||||||
memset(aka->emsk, 0, sizeof(aka->emsk));
|
|
||||||
memset(aka->k_re, 0, sizeof(aka->k_re));
|
|
||||||
memset(aka->autn, 0, sizeof(aka->autn));
|
memset(aka->autn, 0, sizeof(aka->autn));
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
Loading…
Reference in New Issue
Block a user